How Swiss Companies Can Comply with Google’s New Ad Consent Policies
An important update is coming for Swiss businesses that use Google Ads as they will need to follow Google's new consent requirements for obtaining users’ consent. Starting July 31, 2024, new rules will ensure users understand and agree to how their data is used for advertising. These rules are similar to those in other European countries and aim to give users more control over their data. In essence, you'll need to get user permission for two things: using cookies on their devices and using their information to personalize ads.
We have discussed this change in an associated blog post where we explained what this means for businesses in Switzerland who wish to continue using Google’s advertising services, such as AdSense, Ad Manager, and AdMob.
In short, Swiss businesses using Google Ads will need a Consent Management Platform (CMP) certified by Google to get user consent by July 31st. As of January 16, 2024, publishers and developers using Google’s ad services have already had to start using a Consent Management Platform (CMP) certified by Google and compliant with the Interactive Advertising Bureau’s (IAB) Transparency and Consent Framework (TCF 2.0). This requirement aligns with the EU’s regulations, the GDPR and the ePrivacy Directive, to ensure explicit user consent.
The CMPs must also be able to handle the Additional Consent specification for ad tech providers not registered with the TCF. If your CMP cannot manage this, you might face limitations, like only being able to serve a restricted number of ads. This means your advertising reach could be significantly reduced.
In this article, we are taking a closer look at what businesses in Switzerland need to do to comply with these changes.
Talk to one of our experts today so your business can meet the deadline and sail past it smoothly! Learn More →
What is the ePrivacy Directive?
The ePrivacy Directive is a European Union law that focuses on protecting the privacy of people using electronic communications, such as emails, text messages, and online messaging. It aims to make sure that personal information is kept safe and that people have control over how their data is used, by setting out a series of requirements as follows:
- Keeping messages confidential: Electronic communications must remain private and cannot be intercepted or monitored without consent.
- Controlling cookies on websites: Websites need visitors’ permission to store cookies on their devices.
- Reducing spam emails: Businesses must get people's consent before sending promotional messages.
- Protecting your data security: Service providers need to take measures to keep your communication data secure.
What is the GDPR?
The General Data Protection Regulation (GDPR) is the EU’s comprehensive data protection law enacted in 2018 that aims to change the way EU citizens’ personal data is collected, processed and stored, transferring the power over personal data from companies to data subjects. It does this by setting out strict consent requirements, establishing data subject rights, mandating a series of principles for data processing, and imposing hefty fines for non-compliance. In short:
- Organizations must obtain clear and explicit consent from individuals before collecting or processing their personal data.
- Individuals have the right to access, rectify, erase, and restrict the processing of their data. They can also object to data processing and have the right to data portability.
- Organizations must be transparent about how they collect, use, and store personal data. They are also required to implement measures to ensure data protection and to demonstrate compliance with GDPR.
- Non-compliance with GDPR can result in hefty fines, up to €20 million or 4% of the company's global annual turnover, whichever is higher.
Continue running Google Ads with no interference!
What does consent mean under the ePrivacy Directive and the GDPR?
For both the ePrivacy Directive and GDPR, consent means you clearly and freely agree to your information being used. This means you understand what data is being collected, how it's used, and you have the option to say no.
How Does the IAB TCF work with Google Ads and the GDPR?
Here's a breakdown of how the IAB Transparency and Consent Framework (TCF) works with Google Ads and GDPR compliance:
- The TCF provides a standardized way for businesses to manage and communicate consent between publishers, advertisers, and technology vendors. This ensures that all parties handle user data consistently and transparently.
- Google requires the use of CMPs that are certified under the TCF. These CMPs collect, store, and share user consent data in a way that aligns with both Google’s policies and GDPR requirements.
- By using TCF-compliant CMPs, businesses can provide users with clear and consistent information about how their data will be used. This enhances transparency and helps build user trust.
- The TCF simplifies compliance with GDPR by providing a clear framework for obtaining, storing, and managing user consent. This reduces the risk of non-compliance and potential penalties.
Seamless integration in no time!
What do businesses in Switzerland have to do?
Here's a breakdown of what Swiss businesses using Google Ads need to do to comply with the new rules:
- Double-check your consent tools: Make sure your Consent Management Platform (CMP) follows both GDPR and Google's ad consent rules.
- Choose a Google-certified CMP: Not all CMPs are created equal! Look for one with a Google stamp of approval that works with the IAB Transparency and Consent Framework (TCF). This ensures everything is talking the same language when it comes to user consent.
- Be clear about cookies: Before storing cookies on users' devices, you need their permission. Show a clear cookie consent banner that explains what cookies your site uses (categorized for easy understanding) and gives users the option to accept or reject them.
Important Note: Using a non-compliant CMP could stop your campaigns in Google Ads.
On January, 13, 2023, the EDPB published a report outlining six common cookie consent banner setup mistakes which caused businesses to be found non-compliant with the GDPR. Below we are listing out a summary of these cookie banner mistakes:
- Mistake 1: Failing to Display a ‘Reject All’ Button
- Many cookie banners only have an ‘Accept All’ button, or an option to view more choices, but lack a ‘Reject All’ button. To comply with GDPR, your banner must include this option so users can clearly refuse all non-essential cookies.
- Mistake 2: Using Deceptive Designs for Links
- Some cookie banners hide the ‘Reject’ option in a hard-to-find link, which invalidates consent. Consent must be clear and easily understood, so avoid using hidden or misleading links for refusing cookies.
- Mistake 3: Using Deceptive Colors and Contrast for Buttons
- Using business branding colors in cookie banners is common, but ensure the contrast between button text and background is readable. Poor contrast can lead to unintentional consent, which is invalid under GDPR.
- Mistake 4: Having Pre-ticked Boxes
- Pre-ticked boxes for cookie consent are not allowed under GDPR and the ePrivacy Directive. Users must actively choose their preferences, so avoid using pre-selected options for cookies.
- Mistake 5: Wrongly Classifying Cookies
- If you classify cookies as “essential” or “strictly necessary,” be prepared to provide documentation supporting these classifications. Misclassifying cookies can lead to non-compliance.
- Mistake 6: Not Displaying a Consent Withdrawal Option
- Both GDPR and the ePrivacy Directive require that users can easily withdraw their consent. While not mandatory, having a visible and accessible way for users to withdraw consent, such as a hovering icon, is recommended for compliance.
What are the benefits of implementing Google’s changes for running ads?
- You are compliant: By following Google's rules, your business will comply with data protection laws in Europe, the UK, and Switzerland. This helps you avoid fines and legal trouble.
- You build trust: Clear consent practices make users feel their data is safe. This can increase their trust and willingness to use your services.
- You have full access to ads: Using a Google-approved Consent Management Platform (CMP) means you can show all types of ads without limits, helping you reach more customers.
- You get better data management: Proper consent tracking helps you manage user data correctly and respond to their requests about their data easily.
- You get a competitive edge: Being ahead in following these rules shows that your business cares about data privacy, making you more attractive to customers and partners.
- You avoid disruptions: Staying compliant prevents Google from limiting your ad services, ensuring your advertising efforts run smoothly without interruptions.
How can Clym help?
Clym is a user-friendly CMP that simplifies compliance and puts you in control of user consent. It integrates seamlessly with Google Ads and helps you meet GDPR requirements. As of January 2024, Clym is proud to announce its approved status as the newest CMP to join IAB Europe's Transparency and Consent Framework v2.2 TCF.
As a Google certified CMP, Clym helps with TCF 2.2 implementation by offering a compliance tool that integrates the framework helping businesses simplify consent management, facilitating compliance with GDPR and user-friendly data processing.
See Clym in action today!
Clym assists businesses in seamlessly aligning with IAB TCF standards, facilitating compliance with the ePrivacy Directive and GDPR provisions. Our Consent Management Platform (CMP) streamlines user consent management, addressing the DSRs and meeting practical requirements for a standardized and trustworthy online experience.
Clym's user-friendly interface allows individuals to navigate and customize their privacy settings, ensuring a personalized and transparent online experience. This process involves users interacting with the CMP, making informed decisions about data consent. Simultaneously, vendors in the digital ecosystem receive these signals through the CMP, establishing a clear and efficient communication channel.
Here is an example of how vendors are listed in the initial banner on a website:
In addition to this, Clym helps businesses display a cookie consent banner that is in compliance with the EDPB’s report and subsequent requirements for avoiding the mistakes outlined earlier in this article.
Convince yourself and see Clym in action today by booking a demo or reaching out to us to discuss your specific needs.
Alex is a Content Developer at Clym, where he researches and writes about everything related to data privacy and web accessibility compliance for businesses, helping them stay informed on their compliance needs and spreading awareness about making the web safer and more inclusive. When he’s not writing about compliance, Alex has his nose in a book or is hiking in the great outdoors.
Learn More →
FAQs
What is the new consent requirement for Swiss businesses using Google Ads?
Starting July 31, 2024, Swiss businesses using Google Ads must follow new rules to obtain users' consent for using their data for advertising. This includes getting permission to use cookies and personalizing ads, similar to regulations in other European countries.
What is a Consent Management Platform (CMP) and why is it important?
A CMP is a tool that helps businesses manage user consent for data usage. It ensures compliance with data protection laws and Google's ad policies. Using a Google-certified CMP is crucial to maintain the ability to serve ads without limitations.
What are the consequences of using a non-compliant CMP?
Using a non-compliant CMP may result in limitations on the number of ads you can serve, significantly reducing your advertising reach. Non-compliance could also lead to legal issues and potential fines.
How do the IAB TCF and Google Ads work together to ensure GDPR compliance?
The IAB Transparency and Consent Framework (TCF) provides a standardized way to manage and communicate user consent. Google requires the use of TCF-compliant CMPs to align with GDPR and ensure consistent and transparent data handling.
What should Swiss businesses do to comply with Google's new consent rules?
Swiss businesses should:
- Ensure their CMP follows GDPR and Google's ad consent rules.
- Choose a Google-certified CMP that works with the IAB TCF.
- Clearly communicate cookie usage and obtain user consent through a transparent cookie consent banner.
What common mistakes should I avoid when setting up my cookie consent banner?
Avoid the following mistakes:
- Failing to display a ‘Reject All’ button.
- Using deceptive designs for links.
- Using deceptive colors and contrast for buttons.
- Having pre-ticked boxes.
- Wrongly classifying cookies.
- Not displaying a consent withdrawal option.
What are the benefits of complying with Google's new consent requirements?
Benefits include:
- Compliance with data protection laws, avoiding fines.
- Building user trust through clear consent practices.
- Full access to ads without limitations.
- Better data management and response to user requests.
- Competitive advantage by showing commitment to data privacy.
- Avoiding disruptions in advertising services.
How can Clym help?
Clym offers a user-friendly CMP that integrates with Google Ads and meets GDPR requirements. As a Google-certified CMP, Clym simplifies consent management, ensures compliance with the ePrivacy Directive and GDPR, and provides a transparent user experience.